oss-sec mailing list archives
CVE id request: blender
From: Steffen Joeris <steffen.joeris () skolelinux de>
Date: Mon, 27 Oct 2008 17:57:58 +1100
Hi There is a programming error in blender that can lead to arbitrary code execution. Description: Blender's BPY_interface calls PySys_SetArgv such that Python prepends sys.path with an empty string. This allows the possibility to run arbitrary code on the user's system if there is a python file in Blender's working directory named the same as one that Blender's python scripts try to import. Debian Bug report: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=503632 Could I please get a CVE id for this? Cheers Steffen
Attachment:
signature.asc
Description: This is a digitally signed message part.
Current thread:
- CVE id request: blender Steffen Joeris (Oct 26)